Me:
Hi, can you make a few bash commands to parse an apache access log? I’d like 2 variations: 1 that shows me the top 10 most active IP addresses in the logs. and another show shows me the most frequently request URIs
ChatGPT:
Sure, here are two bash commands that you can use to parse an Apache access log:
To show the top 10 most active IP addresses in the logs:
Copy code# Use the `awk` command to extract the IP address from each log line, and then use the `sort` and `uniq` commands to count the number of times each IP appears in the logawk '{print $1}' /path/to/access.log | sort | uniq -c | sort -nr | head -n 10
To show the most frequently requested URIs:
Copy code# Use the `awk` command to extract the URI from each log line, and then use the `sort` and `uniq` commands to count the number of times each URI appears in the logawk '{print $7}' /path/to/access.log | sort | uniq -c | sort -nr | head -n 10
These commands assume that the IP address is in the first field and the URI is in the seventh field of each log line. If your log has a different format, you may need to adjust the field numbers in the commands.
Real-World testing:
I ran these commands on my own server, and got the expected results:
[root@web1 ~]# awk '{print $1}' /var/log/apache2/domlogs/mattjung.net-ssl_log | sort | uniq -c | sort -nr | head -n 10
691 67.227.191.168
73 10.20.7.238
68 34.244.127.36
66 195.154.123.43
50 36.106.166.118
38 152.44.34.36
33 195.154.122.64
33 168.119.68.243
33 168.119.68.186
33 168.119.65.54
[root@web1 ~]# awk '{print $7}' /var/log/apache2/domlogs/mattjung.net-ssl_log | sort | uniq -c | sort -nr | head -n 10
443 /xmlrpc.php
397 /wp-login.php
181 /wp-content/uploads/2018/10/IMG_3976.jpg
169 /wp-cron.php
124 /
57 /blog/
55 /contact/
31 /robots.txt
29 /wp-json/contact-form-7/v1/contact-forms/1080/feedback
28 /sitemap_index.xml
Leave a Reply